user0/rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

exit: document interaction with C

Browse source
This commit is contained in:
Ralf Jung 2025-01-30 22:15:26 +01:00
parent 81d8edc200
commit 7b5e847ae5
2 changed files with 32 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
library/std/src/env.rs
View file

@ -330,7 +330,7 @@ impl Error for VarError {
///
/// Discussion of this unsafety on Unix may be found in:
///
/// - [Austin Group Bugzilla](https://austingroupbugs.net/view.php?id=188)
/// - [Austin Group Bugzilla (for POSIX)](https://austingroupbugs.net/view.php?id=188)
/// - [GNU C library Bugzilla](https://sourceware.org/bugzilla/show_bug.cgi?id=15607#c2)
///
/// To pass an environment variable to a child process, you can instead use [`Command::env`].

34
library/std/src/process.rs
View file

@ -2003,9 +2003,9 @@ impl ExitCode {
///
/// Note that this has the same caveats as [`process::exit()`][exit], namely that this function
/// terminates the process immediately, so no destructors on the current stack or any other
/// thread's stack will be run. If a clean shutdown is needed, it is recommended to simply
/// return this ExitCode from the `main` function, as demonstrated in the [type
/// documentation](#examples).
/// thread's stack will be run. Also see those docs for some important notes on interop with C
/// code. If a clean shutdown is needed, it is recommended to simply return this ExitCode from
/// the `main` function, as demonstrated in the [type documentation](#examples).
///
/// # Differences from `process::exit()`
///
@ -2297,6 +2297,34 @@ impl Child {
/// considered undesirable. Note that returning from `main` also calls `exit`, so making `exit` an
/// unsafe operation is not an option.)
///
/// ## Safe interop with C code
///
/// This function is safe to call as long as `exit` is only ever invoked from Rust. However, on some
/// platforms this function is implemented by calling the C function [`exit`][C-exit]. As of C23,
/// the C standard does not permit multiple threads to call `exit` concurrently. Rust mitigates this
/// with a lock, but if C code calls `exit`, that can still cause undefined behavior. Note that
/// returning from `main` is equivalent to calling `exit`.
///
/// Therefore, it is undefined behavior to have two concurrent threads perform the following
/// without synchronization:
/// - One thread calls Rust's `exit` function or returns from Rust's `main` function
/// - Another thread calls the C function `exit` or `quick_exit`, or returns from C's `main` function
///
/// Note that if a binary contains multiple copies of the Rust runtime (e.g., when combining
/// multiple `cdylib` or `staticlib`), they each have their own separate lock, so from the
/// perspective of code running in one of the Rust runtimes, the "outside" Rust code is basically C
/// code, and concurrent `exit` again causes undefined behavior.
///
/// Individual C implementations might provide more guarantees than the standard and permit concurrent
/// calls to `exit`; consult the documentation of your C implementation for details.
///
/// For some of the on-going discussion to make `exit` thread-safe in C, see:
/// - [Rust issue #126600](https://github.com/rust-lang/rust/issues/126600)
/// - [Austin Group Bugzilla (for POSIX)](https://austingroupbugs.net/view.php?id=1845)
/// - [GNU C library Bugzilla](https://sourceware.org/bugzilla/show_bug.cgi?id=31997)
///
/// [C-exit]: https://en.cppreference.com/w/c/program/exit
///
/// ## Platform-specific behavior
///
/// **Unix**: On Unix-like platforms, it is unlikely that all 32 bits of `exit`